Two-factor Authentication, also referred to as Multi-Factor Authentication, or 2FA, is typically where you log in to something and have to type in a small code from your mobile device in order to finish the sign-in process. It’s really the only thing protecting your accounts anymore, so it’s critical to use it.

Windows 7 might not be supported by Microsoft any longer, but millions of people are still using PCs that run the antiquated operating system. Since Microsoft has put an end to extended support for Windows 7 OS, a couple bugs have been found. Let’s take a look at what exactly is behind these issues and discuss your options.

Picture this… In your office you have a bag filled with thousands of envelopes. In each envelope there is $242 in cash. Unbeknownst to you, a thief has gained access to your office, but you don’t realize this until 279 days later. How much is this going to cost your business?

Phishing attacks have been in the social consciousness now for a while, and for good reason. Phishing is the predominant way that hackers gain access to secured networks and data. Unfortunately, awareness to an issue doesn’t always result in positive outcomes. In this case, hackers get more aggressive, and by blanketing everyone under a seemingly limitless phishing net, 57 billion phishing emails go out every year. If a fraction of those emails accomplish their intended goal, the hackers on the other end of them really make out well.

The funny thing about ransomware is their very strange names! Bad Rabbit sounds like the name of a villainous bunny who gets his comeuppance in some type of modern nursery rhyme, not malware that would ravage hundreds of European businesses. Locky seems like the son of Candado de Seguridad, a character Medeco would come up with to educate kids on proper physical security. The latest in a long line of funny-named ransomware, SamSam, isn’t a pet name for your pet ferret you perplexingly named Sam. It is one of the worst ransomware strains ever, and it has caught the attention of U.S. Federal law enforcement.

Every business in operation today needs to have some kind of comprehensive network security. Simply put, there are too many threats that can come in through an Internet connection for them to continue doing otherwise. The past year provides plenty of anecdotal proof of this fact.

The term “hacker” is possibly one of the best-known technology-related terms there is, thanks to popular culture. Properties like The Girl with the Dragon Tattoo and the Die Hard franchise have given the layman a distinct impression of what a hacker is. Unfortunately, this impression isn’t always accurate. Here, we’ll discuss what real-life hackers are like, and the different varieties there are.

Social media has been an emerging technology in recent years, and has produced many threats. Hackers have learned that they can take advantage of these communication mediums to launch dangerous new attacks on unsuspecting users. With enough ingenuity on a hacker’s part, they can potentially steal the identity of a social media user. Here are some of the best ways that your organization can combat identity theft through social media.

The Internet is rife with potential threats. Some are situational, but most are deliberate actions made by malicious entities who are trying to obtain any semblance of value from you or your company. Some of these exploits have been around longer than you’d imagine possible. This has been made evident by huge Internet-based companies such as PayPal and Facebook testing positive for a 19-year-old vulnerability that once allowed hackers to decrypt encrypted data.

Back in 1998, researcher Daniel Bleichenbacher found what is being called the ROBOT exploit in the secure sockets layer (SSL) encryptions that protect web-based platforms. There is a flaw in an algorithm that is responsible for the RSA encryption key--through specially constructed queries, its error messages divulge enough information that, after a short time, they were able to decrypt ciphertext without the dedicated key for that encryption. In response, SSL architects created workarounds to limit error messages rather than eliminating the faulty RSA algorithm.

Referred to as an “Oracle” by researchers, the crypto-vulnerability provides only decisive yes and no answers, which allows people that form their queries a certain way to eventually retrieve detailed information about the contents of encrypted data. This is called an “adaptive chosen-ciphertext attack.”

Recently, researchers have found that over a quarter of the 200 most-visited websites essentially have this vulnerability, and about 2.8 percent of the top million. Facebook, the most visited website in the world for 2017, is one; while the money transfer platform PayPal is another. The explanation researchers gave was that, with so much time focusing on the newest and baddest malware and exploits, this tried and true vulnerability has just been neglected. In a blog post they said as much:

“The surprising fact is that our research was very straightforward. We used minor variations of the original attack and were successful. This issue was hiding in plain sight. This means neither the vendors of the affected products nor security researchers have investigated this before, although it's a very classic and well-known attack.”

The vulnerability, now called ROBOT, an acronym for “Return of Bleichenbacher's Oracle Threat” was tested, with the findings being sent to the vulnerable sites to ensure they could get a patch created before the researchers went public with it.

Understanding the threats that are being used against businesses can go a long way toward helping you keep yours secure. For more information about the ROBOT vulnerability or what we can do to keep your company’s network secure, contact CTN at (610) 828-5500.

If your business were to be struck by a Distributed Denial of Services (DDoS) attack, would it recover in a timely manner? Do you have measures put in place to keep it from hampering your operations? While most organizations claim to have sufficient protection against these dangerous attacks, over half have proven to be ineffective against DDoS.

First, we’ll give a brief explanation of what a DDoS attack specifically entails. In its most basic form, a DDoS attack involves overloading your organization’s network with so much traffic that it can’t handle the strain. When this happens, access to critical information and services can be lost, hindering operations and causing downtime. This is the main damage dealer of a DDoS attack, and any business executive can see why. When productivity is impacted, like during downtime, time and profits are wasted.

According to a recent report from CDNetworks, an immense 88 percent of companies believe that they have adequate defenses against DDoS attacks. 69 percent of these companies have also suffered from a DDoS attack in the past twelve months, which should prompt any open-minded company to consider whether or not the measures taken are actually helping.

To give you an idea of just how much this protection is costing these organizations, let’s take a look at some other statistics. US companies tend to spend somewhere around $34,700/year on DDoS protection, while European countries spend around $29,000/year. With such a significant investment, why do DDoS mitigation attempts fall short of the desired goal, and what can be done to solve these issues?

Learning from these failures is the ideal approach to securing your organization from DDoS attacks. Sixty-six percent of organizations are already making plans to invest more heavily in DDoS attack prevention and mitigation over the next year. How do you plan to protect your business from the threat of DDoS attacks against your network?

If you aren’t sure how to protect your organization from major threats like DDoS attacks, reach out to CTN Solutions at (610) 828-5500.

Students generally love it when classes are cancelled for whatever reason, but thanks to a cybercriminal group called TheDarkOverlord Solutions, a school in Flathead Valley, Montana was disrupted for an extended period of time. This downtime resulted in a disruption of operations for over 30 schools, as well as the threat to the personal information of countless teachers, students, and administrators due to a ransomware attack.

TheDarkOverlord Solutions also went as far as to make graphic death threats against the children attending the schools, taking advantage of the memory of recent school shootings. This hack resulted from the Columbia Falls district server being targeted, which contained all sorts of personal data belonging to residents of the school district. This includes addresses, medical histories, behavioral history, and other information that’s helpful to cybercriminals. Thanks to these events, 30 schools closed and canceled any weekend activities. When class resumed, there was more security in place.

TheDarkOverlord Solutions, true to its name, targets individuals that have particularly lucrative data on the line. In July 2017, they were responsible for a major information harvest from healthcare providers which resulted in almost 9.5 million records going up for sale on the black market. These records were reportedly stolen from a clinic, a healthcare provider, and a health insurance provider.

This same group also reached out and made their name known by stealing media from Netflix. The popular series Orange is the New Black was released prior to its actual release date, thumbing the nose of the audio post-production studio that provided a ransom of $50,000. It just goes to show that you can never trust a thief!

All signs point toward the Columbia Falls school district to not pay the ransom demanded of them. They made the correct choice by not giving in to the demands of hackers, as there is no reasonable expectation that the data will be handed back. If they do decide to pay the ransom, it’s money that’s just going toward funding further ransomware attacks. Plus, if they are willing to pay, it just shows that the tactic actually works.

The best way to stay secure is to protect your organization against all types of threats. To learn more, reach out to CTN at (610) 828-5500.

Dealing with disasters are a part of doing business. You know how difficult it is to recover from a devastating flood or storm. While businesses tend to suffer from these situations, countless individuals suffer every time a natural disaster hits. Just take a look at the United States in recent weeks. Even though you may want to donate to people suffering from hurricanes, there are illegitimate charities out there that want to make a quick buck off of your generosity.

Donations now take advantage of web pages and online applications that can send your donations to those in need through an electronic payment system. This is why it’s much easier for scammers and fake charities to steal from those who simply want to do some good in the world. If you’re going to go out on a limb for someone else, be sure to keep these tips in mind before making a donation.

Donate Only to Charities that You KnowBelieve it or not, there are people who will purchase the domain names for specific hurricanes as soon as the names of the storms are revealed. They plan to scam users from the start. If you’re ever in a position to donate to those in need, try to pick a charity that you’re familiar with to keep this from happening.

Confirm the Authenticity of These OrganizationsWhen you’re looking for an organization to donate to, take some time to make sure that it’s one that is legitimate. You can evaluate the legitimacy of various charities at the following websites: Charity Navigator, Charity Watch, GuideStar, or the Better Business Bureau’s Wise Giving Alliance.

Be Skeptical of LinksIf a major disaster has occurred, be wary of any messages in your inbox asking you to donate. Hackers may take the opportunity to scam users with phishing emails designed to garner support for those struck by a natural disaster. Links could lead to downloads or infected attachments that could infect your PC with malware.

If you would like to donate safely to those who are suffering due to Hurricanes Harvey and Irma, you can trust FEMA and the National Voluntary Organizations Active in Disaster. Remember, just because you want to help someone in need doesn’t mean that you should put yourself at risk.

Let’s say that you receive an email from a software vendor, say, Microsoft. When you are contacted by a major company like this, do you automatically assume that it’s secure, or are you skeptical that it’s a scam? Ordinarily, it might not seem like a big issue, but all it takes is one click on an infected attachment or malicious link to infect your business’s infrastructure.

The average business owner may already be aware of what are called phishing attacks - scams that attempt to deceive and trick users into handing over sensitive credentials. However, not all phishing attacks are of the same severity, and some are only interested in hauling in the big catch. These types of attacks are called “whaling,” and are often executed in the business environment under the guise of executive authority.

Whaling attacks are designed to mimic the behaviors of CEOs or other members of upper management. This could be in the form of a manager, a COO, or even a CIO. Whaling attacks are often successful because they appear to come from a legitimate source; nobody expects their boss to get hacked, and naturally they will want to do as they say. It appeals to the nature of the office worker to want to avoid conflict with upper management, and the fear of getting in trouble for insubordination. In addition to looking like an official business email, some whaling schemes may even resemble documents from the FBI or other government institutions.

Once this fear has been instilled in the hearts of the average office worker, it’s only a matter of time before one of two things happen: 1) The hacker gets what they want, be it sensitive credentials, a fraudulent wire transfer, or otherwise, or 2) The office worker realizes that they’ve been duped, and deletes the email. Unless the worker knows what to look for in a phishing message, however, the more likely scenario is the former.

In the face of any type of phishing attack, be it a spear-phishing attack or a targeted whaling attack, it’s important to remember that you should always think with your brain first before immediately reacting to a message like this. Take a moment to consider how much sense it makes to follow the instructions in the email that you’ve received. By simply taking a deep breath and calmly analyzing the email, you could be saving yourself a lot of pain and frustration.

As is the case with any phishing attack, look for irregularities in both the message itself, and the address that the message came from. Does it come from a legitimate sender? If so, what’s the email address? Look it over carefully and try to spot anything that’s out of place. Are there any numbers or letters that are trying to mask the true email address? Is there anything suspicious about the contents of the email? Look for curiously repetitive or urgent requests. Hackers like to use time-sensitive language to rush users into making a decision.

In dangerous situations like this, wouldn’t it be great if any whaling attacks and other phishing schemes stayed out of your inbox in the first place? With a spam blocking solution, your business will have little to fear from dangerous or fraudulent messages by eliminating them from your inbox entirely. We offer powerful enterprise-level spam blocking solutions that are designed to keep your business free of malicious or wasteful messages. To learn more, give us a call at (610) 828-5500.

Let’s say you get an email from a close friend. It looks like it’s legitimate, until you check the contents of the message. It’s an advertisement, or it’s trying to get you to click on a link to see something “important.” Regardless of what the content of the message is, you should probably slap that bad boy in the Spam section of your email inbox. You’ve just been the target of email spoofing, and it’s more common than you might think.

One of the most masterful arts of deception that hackers use is the phishing attack, which attempts steal sensitive credentials from unwary victims. The anonymity afforded to criminals on the Internet is what makes this possible. Using phishing attacks, hackers attempt to steal credentials or personal records by forging their identities. What’s the best way to protect your business from these attacks?

This October is Cybersecurity Month! Some businesses think that they’re immune to hacking attacks because they’re “low profile” compared to huge corporations. However, the truth of the matter is that your organization is just as much at risk as they are. This month, take measures to keep your organization’s data safe, or risk losing everything in the fallout of a hacking attack.

Malware that targets ATMs isn’t a new concept. After all, ATMs use internal computers that can be hacked just the same as any old workstation. The prime difference is that hacking into an ATM allows for a direct dispensing of cash, rather than some crafty behind-the-scenes action. A new type of ATM malware, titled GreenDispenser, is a cause for concern in Mexico, and could spread to other countries if left unchecked.

Latest News & Events

CTN has been named to the 2020 Managed Services (MSP) 500 list of accomplished IT providers in North America by CRN and The Channel Company. This popular list identifies North American solution providers that deliver operational efficiencie...

Latest Blog

A lot has been made about the newly-remote workforce that has been doing their best during the COVID-19 pandemic. One issue that many ignore is burnout. Sure, it happens in the office too, but there is something unsettling about getting up ...